The idea is to put high-profile vulnerabilities, worms/viruses and other security-related stuff on the web site and discuss it.

It may be a good addition to bugtraq and other mailing lists. The website also includes the latest virus threats from Symantec, the bugtraq and full-disclosure mailing lists from seclists.org, and other good stuff.

Finally, it is up and usable at http://lids.9781.org; I hope I can get it onto http://forum.9781.org in the future. The forum is good for documentation that needs a lot of editing.

I am posting the "Hacking LIDS 2.2" series on it. When I have finished, a new SGML file can be created, and finally HTML for the webpage.

LIDS LIVE CD

I am using the SLAX scripts to generate a live CD with Fedora and LIDS. In order to do that, I have already hacked a lot on the scripts to make them work with initrd and other things.

The objective is to make a LIDS live CD available for users to use as needed. I also want to use kernel 2.6, but the overlay filesystem is not supported; maybe I can hack on it a little to see if I can make it work on kernel 2.6.

It seems that this worm does not have as high an impact on the network as Blaster or Nachi. But it seems the new variant has a much higher impact now.

From all the worm outbreaks, we can tell that since humans are naturally lazy, asking people to patch their systems won't solve the problem. A lot of solutions have come out, like IDS, IPS, HIDS and buffer overrun prevention tools, but they still won't solve the problem as long as MS dominates the OS world.

One possibility is to make OS variants, with randomized libraries, randomized DLL names etc. :-(

I am pretty happy that tomorrow is "big Friday" and I can use the whole day to read the new book, The Shellcoder's Handbook. I was wondering how reliably the book will explain Windows heap overflows.

The new version, LIDS 2.2, will remove the original xattr support and instead use the inode labeling concept to enhance ACL search/labeling performance.

The new version is compatible with the old version of LIDS; the only difference is that after all the lidsconf ACL commands, the user needs to run

#lidsconf -C

to compile the ACLs into a binary file. The kernel will read and parse this binary file. The benefit is that the kernel now only needs to read one file and will not do all the atoi() etc., which will make it more secure.

The new version makes lidsconf do more of the job and lets the kernel do less. Now not only does the process have an object list (a simple one, containing only a sid, an oid and an inherit flag), but the object also has a list showing which program has what kind of permission on it. In this way, the process will do all the inherit-merging stuff and check its ACL against the object inode's permission bits.

Another enhancement is that when fetching an inode's ACL, if none is attached, it will check the parent directory, and so on up, until an ACL is found. Once found, the ACL is attached to the inode and to all the parent directories walked. In this way, the next time the same inode is accessed it gets the ACL right away, and even for a different file in the same directory it only needs to go up once, to its direct parent, to get it. This accelerates ACL comparison/checking.
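As an added illustration (not LIDS source and not the author's code), here is a small Python model of the two ideas above: lidsconf compiling a flat entry list into the object-side and subject-side lists, and an inode ACL lookup that falls back to parent directories and caches what it finds on every directory it walked. The permission bit values, the sample paths, the program names and the way inherit is carried along are all assumptions made up for the example.

```python
"""Toy model of LIDS 2.2-style inode labelling: an added illustration, not LIDS
source. Names, bit values and the sample tree are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed permission bits; LIDS' real encoding is not reproduced here.
DENY, READ, WRITE, APPEND = 0, 1, 2, 4


@dataclass
class Inode:
    path: str
    parent: Optional["Inode"]
    # Object-side list: subject program -> permission bits.
    # None means no ACL attached yet; lookup_acl() fills it in from a parent.
    acl: Optional[Dict[str, int]] = None


# One ACL entry as fed to lidsconf: (subject program, object path, permission, inherit)
Entry = Tuple[str, str, int, int]


def compile_acls(entries: List[Entry], inodes: Dict[str, Inode]) -> Dict[str, List[Tuple[str, str, int]]]:
    """Model of the 'lidsconf -C' step: attach the object-side list to each labelled
    inode and return the subject-side list of (sid, oid, inherit) per program.
    Paths stand in for sid/oid; inherit is carried but not interpreted here (assumption)."""
    subject_lists: Dict[str, List[Tuple[str, str, int]]] = {}
    for subject, obj_path, perm, inherit in entries:
        node = inodes[obj_path]
        if node.acl is None:
            node.acl = {}
        node.acl[subject] = perm
        subject_lists.setdefault(subject, []).append((subject, obj_path, inherit))
    return subject_lists


def lookup_acl(inode: Inode) -> Tuple[Optional[Dict[str, int]], int]:
    """Return (acl, directories walked). If the inode has no ACL attached, walk up
    the parents until one is found, then attach that ACL to the inode and to every
    directory walked so the next lookup for it, or for a sibling, is shorter."""
    walked: List[Inode] = []
    node: Optional[Inode] = inode
    while node is not None and node.acl is None:
        walked.append(node)
        node = node.parent
    if node is None:
        return None, len(walked)  # outside any labelled subtree: nothing to cache
    for n in walked:
        n.acl = node.acl
    return node.acl, len(walked)


def check_access(program: str, inode: Inode, want: int) -> bool:
    """Object-side check: the program must be listed with every bit it wants."""
    acl, _ = lookup_acl(inode)
    if acl is None:
        return True  # unlabelled tree is not protected in this model (assumption)
    return (acl.get(program, DENY) & want) == want


def build_sample_tree() -> Tuple[Dict[str, Inode], Dict[str, List[Tuple[str, str, int]]]]:
    """Constructed tree: only /etc/ssh and /var are labelled, so files below them
    must be resolved through the parent-directory walk."""
    paths = ["/", "/etc", "/etc/ssh", "/etc/ssh/ssh_host_key",
             "/var", "/var/log", "/var/log/messages", "/var/log/secure"]
    inodes: Dict[str, Inode] = {}
    for p in paths:  # parents always precede children in this list
        parent = None if p == "/" else inodes[p.rsplit("/", 1)[0] or "/"]
        inodes[p] = Inode(p, parent)
    entries: List[Entry] = [
        ("/usr/sbin/sshd", "/etc/ssh", READ, 0),
        ("/usr/sbin/syslogd", "/var", WRITE | APPEND, 0),
    ]
    return inodes, compile_acls(entries, inodes)


if __name__ == "__main__":
    tree, subjects = build_sample_tree()
    for path in ("/var/log/messages", "/var/log/messages", "/var/log/secure"):
        acl, steps = lookup_acl(tree[path])
        print(f"{path}: walked {steps} level(s), acl={acl}")
    print("syslogd append to messages:", check_access("/usr/sbin/syslogd", tree["/var/log/messages"], APPEND))
    print("sshd write to host key:", check_access("/usr/sbin/sshd", tree["/etc/ssh/ssh_host_key"], WRITE))
```

Running it shows the first lookup of /var/log/messages walking two levels, the repeat lookup walking zero, and the sibling /var/log/secure walking only one, because /var/log picked up the ACL during the first walk.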

I was thinking of making a new directory under lidstools to include the most useful ACLs, for example ACLs for Apache, ACLs for BIND etc. I guess that will help first-time users pick it up more easily.

After the version release, there were some posts on the mailing list disappointed about some of the features removed, especially the time support. I replied to one of the posts.

Weighing the extra memory and extra code needed to support it against the actual usefulness of the function, I decided not to support this feature. With time support, you can specify in what time range the subject (program) can access the object (file); without it, the program can always write to the object (file). From the security point of view, time support does not raise the security bar, because the attacker can launch the attack at the specific time or just try every minute.

More QA testing on the whole package again, and a few things enhanced. One nice feature is adding the object filename in the xattr, which will let the user know which file has the permission on which object file.

Fedora Core I

Installed Fedora Core I and configured it to use LIDS 2.2. Found one minor problem: the ACL setting on sshd cannot be automatically attached to the sshd that is already running in the system. I have to do a "+RELOAD_CONF" to make it effective. ;_(( But anyway, it should not confuse users since we still have to do it for now.

Release it today??

Let's see if I find any problems or not. I have already finished a draft for the new features and changed the website content. Hope I can make it today.